FRAPL is a reverse engineering framework created to simplify dynamic instrumentation with Frida.

The core of FRAPL is FridaLink - TCP/JSON based protocol and IDA plugin for establishing a bridge between Frida client and IDA Pro. It brings runtime information to IDA disassembly and allows monitoring dynamic changes by controlling Frida directly from IDA.

FRAPL requires just three simple steps to actually start reverse engineering. Without a single line of code.

This is a new way of combining static and dynamic analysis.

   Presentation

   [Slides](./Publications/2016 Ruxon 12/Ruxcon_12_FRAPL.pdf)

   iOS Demo
   macOS Demo

• iOS/* - iOS specific FRAPL headers (classes, helpers, UI)
• macOS/* - macOS specific FRAPL headers (classes, helpers, UI)
• FrAClientCore.js - Node.js Frida client core
  • Client script (with include() command support)
  • Executing server script on target
  • Frida RPC client/server message handling (client side)
  • FridaLink message handling (from Frida server and from/to IDA)
  • Shortcut handling
• FrAServerCore.js - JS Frida server core
  • Frida RPC client/server message handling (server side)
• FrAHelperLib.js - JS code to communicate with FRAPL Helper Library
• FrAFridaLink.js - JS Frida server functions for FridaLink
• FrACommon.js - Node.js/JS code to share between Frida client and server
• FrAGCD.js - JS code to add Grand Central Dispatch support to Frida server
• FrAdlfcn.js - JS code to add dl* funtions support from libdyld.dylib
• FrAUtils.js - Node.js/JS utility functions to share between Frida client and server
  • Algorithms
  • Output formatting
  • Dumpers (like memory and ObjC)
  • Other helper functions

• FridaLink/ - FridaLink Source Code
• FridaLink.py - IDA Pro script (will be a plugin eventually) to implement FridaLink server

• package.json - nmp package description to install all dependencies
• create_project.sh - Script for generating minimal scripts for FRAPL and FridaLink
• README.md - this readme file

To install required nmp modules run following command in FRAPL folder:
$ nmp install

FridaLink setup is as simple as 1-2-3 and requires just three steps to attach to app and actually start reverse engineering your target. Without a single line of code.

1. In IDA press ALT+F7 and load FridaLink.py
2. In terminal run $ ./create_project.sh -f ~/Projects/TargetApp ; cd ~/Projects/TargetApp to create project
3. In terminal to attach to target and establish FridaLink run
   $ node ./client.js -c theme.json -l -n TargetApp server.js for macOS target
   $ node ./client.js -c theme.json -l -r -p $(frida-ps -U | grep TargetApp | awk '{print $1}') ./server.js for iOS target

• Get jailbroken device and serial cable
• Install usbmuxd - brew install usbmuxd
• Grab usbmux.py script here
• Grab tcprelay.py script here
• Drop these files into your path someplace and make executable.
• Now connect your device and run the following command. tcprelay.py -t 22:4222